Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2026-26144

Опубликовано: 10 мар. 2026
Источник: msrc
CVSS3: 7.5
EPSS Низкий

Описание

Microsoft Excel Information Disclosure Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

FAQ

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially cause Copilot Agent mode to exfiltrate data via unintended network egress, enabling zero-click information disclosure attack

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Unlikely

EPSS

Процентиль: 32%
0.00127
Низкий

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2026-26144

CVSS3: 7.5
nvd
16 дней назад

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

github логотип

GHSA-39m5-6xwx-6qjf

CVSS3: 7.5
github
16 дней назад

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

fstec логотип

BDU:2026-03051

CVSS3: 7.5
fstec
17 дней назад

Уязвимость пакета программ Microsoft 365 Apps for Enterprise, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 32%
0.00127
Низкий

7.5 High

CVSS3